-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: lisa install creates user without password Advisory number: CSSA-1999:012.0 Issue date: 1999 May 26 Cross reference: ______________________________________________________________________________ 1. Problem Description Old style install with lisa creates user "help" with uid=0 and gid=0 and no password 2. Vulnerable Versions Systems: OpenLinux 2.2 (old style installation) Packages: previous to install-138 3. Solutions - if already installed, edit the /etc/passwd and /etc/shadow file and remove the lines starting with "help" - use the new style lizard install 4. Location of Fixed Packages The upgrade packages can be found on Caldera's FTP site at: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/launch/lisa/floppy 5. Installing Fixed Packages No package installation needed. For future installations use the most recent floppy images. 6. Verification ecbf5d160345d1065750a2ac66a049d7 install.144 7. References This and other Caldera security resources are located at: http://www.calderasystems.com/news/security/index.html Additional documentation on this problem can be found in: http://geek-girl.com/bugtraq/1999_2/0422.html 8. Disclaimer Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBN0vVlOn+9R4958LpAQHaBAP/Qd5EBG06bDcqh23PPCTBaene3wTl2ayd o46vKMq4MhqWu8e75CrLOYx6DiUqr9y2HOchHaVjNxkdHYvliVeiWLBy8rrjao7Q 5tCv0c5h91WNWNtORDciBhugV8Rcnaqi1+xTWwM0QaBT+mEoxK1/+e3hxYC65Fpz 9wj0eJD/2wQ= =+Eo2 -----END PGP SIGNATURE-----